-
Notifications
You must be signed in to change notification settings - Fork 55
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #463 from hackjunction/dev
Auth0 tenant documentation & and bug fix #460
- Loading branch information
Showing
12 changed files
with
4,594 additions
and
51 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,103 @@ | ||
{ | ||
"configuration": [ | ||
{ | ||
"_id": "v1", | ||
"rolesInToken": true, | ||
"permissionsInToken": true, | ||
"persistRoles": true, | ||
"persistPermissions": true | ||
} | ||
], | ||
"permissions": [ | ||
{ | ||
"applicationType": "client", | ||
"applicationId": "applicationId", | ||
"description": "Can access the recruitment dashboard", | ||
"name": "access:recruitment", | ||
"_id": "e7b2a8a4-a0d7-4d2d-8287-f855f14ce788" | ||
}, | ||
{ | ||
"applicationType": "client", | ||
"applicationId": "applicationId", | ||
"description": "Can create new events", | ||
"name": "create:event", | ||
"_id": "de453879-880f-444e-8776-f3ca4d11558b" | ||
}, | ||
{ | ||
"applicationType": "client", | ||
"applicationId": "applicationId", | ||
"description": "Can delete events which they organise", | ||
"name": "delete:event", | ||
"_id": "3687fde6-ab38-4fbf-bb93-b1a496f53e04" | ||
}, | ||
{ | ||
"applicationType": "client", | ||
"applicationId": "applicationId", | ||
"description": "Can access event management", | ||
"name": "manage:event", | ||
"_id": "e4531c1d-3825-47ad-aaef-72169843c4f2" | ||
}, | ||
{ | ||
"applicationType": "client", | ||
"applicationId": "applicationId", | ||
"description": "Can manage access to recruitment dashboard", | ||
"name": "manage:recruitment", | ||
"_id": "60ccbf60-7172-42f9-bf02-e552c03f5946" | ||
} | ||
], | ||
"roles": [ | ||
{ | ||
"_id": "2d2c4e8e-6716-476d-badc-aa37abd4a99b", | ||
"applicationType": "client", | ||
"applicationId": "applicationId", | ||
"description": "Access to some organiser functionality", | ||
"name": "AssistantOrganiser", | ||
"permissions": ["e4531c1d-3825-47ad-aaef-72169843c4f2"] | ||
}, | ||
{ | ||
"_id": "8b6bcb7c-011a-4479-b45c-f646d5b200cb", | ||
"applicationType": "client", | ||
"applicationId": "applicationId", | ||
"description": "Access to all organiser functionality", | ||
"name": "Organiser", | ||
"permissions": [ | ||
"de453879-880f-444e-8776-f3ca4d11558b", | ||
"3687fde6-ab38-4fbf-bb93-b1a496f53e04", | ||
"e4531c1d-3825-47ad-aaef-72169843c4f2" | ||
] | ||
}, | ||
{ | ||
"_id": "412a6c79-4ec7-41e4-b180-5d1391c7dcf1", | ||
"applicationType": "client", | ||
"applicationId": "applicationId", | ||
"description": "Can access recruitment functionality", | ||
"name": "Recruiter", | ||
"permissions": ["e7b2a8a4-a0d7-4d2d-8287-f855f14ce788"] | ||
}, | ||
{ | ||
"_id": "45e3cd1c-2fbc-4d49-b730-3bedbab57cb6", | ||
"applicationType": "client", | ||
"applicationId": "applicationId", | ||
"description": "Has permission to add and remove recruiter access", | ||
"name": "RecruiterAdmin", | ||
"permissions": [ | ||
"60ccbf60-7172-42f9-bf02-e552c03f5946", | ||
"e7b2a8a4-a0d7-4d2d-8287-f855f14ce788" | ||
] | ||
}, | ||
{ | ||
"_id": "637fae63-fa0d-49fb-b137-01dcb75e8efe", | ||
"applicationType": "client", | ||
"applicationId": "applicationId", | ||
"description": "God Mode (can do everything)", | ||
"name": "SuperAdmin", | ||
"permissions": [ | ||
"e7b2a8a4-a0d7-4d2d-8287-f855f14ce788", | ||
"3687fde6-ab38-4fbf-bb93-b1a496f53e04", | ||
"e4531c1d-3825-47ad-aaef-72169843c4f2", | ||
"de453879-880f-444e-8776-f3ca4d11558b", | ||
"60ccbf60-7172-42f9-bf02-e552c03f5946" | ||
] | ||
} | ||
] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
{ | ||
"AUTH0_DOMAIN": "<your-tenant>.eu.auth0.com", | ||
"AUTH0_CLIENT_ID": "<your-tenant>", | ||
"AUTH0_CLIENT_SECRET": "<your-tenant>", | ||
"AUTH0_KEYWORD_REPLACE_MAPPINGS": { | ||
"APP_CALLBACKS": [ | ||
"http://localhost:3000/callback", | ||
"http://localhost:3000" | ||
], | ||
"APP_LOGOUT_URLS": [ | ||
"http://localhost:3000/logout", | ||
"http://localhost:3000" | ||
], | ||
"AUDIENCE": "https://<your-tenant>.eu.auth0.com/api/v2/", | ||
"APP_NAME_BACKEND": "Junction App Backend", | ||
"APP_NAME_FRONTEND": "Junction SSO", | ||
"AUTHZ_URL": "https://<your-tenant>.webtask.io/adf6e2f2b84784b57522e3b19dfc9201" | ||
}, | ||
"EXCLUDED_PROPS": { | ||
"clients": ["client_secret"], | ||
"connections": ["options.client_secret"] | ||
}, | ||
"AUTH0_ALLOW_DELETE": true | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
<!DOCTYPE html> | ||
<html> | ||
<head> | ||
<meta charset="utf-8"> | ||
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> | ||
<title>Sign In with Auth0</title> | ||
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0" /> | ||
</head> | ||
<body> | ||
|
||
<!--[if IE 8]> | ||
<script src="//cdnjs.cloudflare.com/ajax/libs/ie8/0.2.5/ie8.js"></script> | ||
<![endif]--> | ||
|
||
<!--[if lte IE 9]> | ||
<script src="https://cdn.auth0.com/js/base64.js"></script> | ||
<script src="https://cdn.auth0.com/js/es5-shim.min.js"></script> | ||
<![endif]--> | ||
|
||
<script src="https://cdn.auth0.com/js/lock/11.26/lock.min.js"></script> | ||
<script> | ||
// Decode utf8 characters properly | ||
var config = JSON.parse(decodeURIComponent(escape(window.atob('@@config@@')))); | ||
config.extraParams = config.extraParams || {}; | ||
var connection = config.connection; | ||
var prompt = config.prompt; | ||
var languageDictionary; | ||
var language; | ||
|
||
if (config.dict && config.dict.signin && config.dict.signin.title) { | ||
languageDictionary = { title: config.dict.signin.title }; | ||
} else if (typeof config.dict === 'string') { | ||
language = config.dict; | ||
} | ||
var loginHint = config.extraParams.login_hint; | ||
var colors = config.colors || {}; | ||
|
||
// Available Lock configuration options: https://auth0.com/docs/libraries/lock/v11/configuration | ||
var lock = new Auth0Lock(config.clientID, config.auth0Domain, { | ||
auth: { | ||
redirectUrl: config.callbackURL, | ||
responseType: (config.internalOptions || {}).response_type || | ||
(config.callbackOnLocationHash ? 'token' : 'code'), | ||
params: config.internalOptions | ||
}, | ||
configurationBaseUrl: config.clientConfigurationBaseUrl, | ||
overrides: { | ||
__tenant: config.auth0Tenant, | ||
__token_issuer: config.authorizationServer.issuer | ||
}, | ||
assetsUrl: config.assetsUrl, | ||
allowedConnections: connection ? [connection] : null, | ||
rememberLastLogin: !prompt, | ||
language: config.extraParams.ui_locales, | ||
languageDictionary: languageDictionary, | ||
theme: { | ||
//logo: 'YOUR LOGO HERE', | ||
primaryColor: colors.primary ? colors.primary : 'green' | ||
}, | ||
prefill: loginHint ? { email: loginHint, username: loginHint } : null, | ||
closable: false, | ||
defaultADUsernameFromEmailPrefix: false | ||
}); | ||
|
||
if(colors.page_background) { | ||
var css = '.auth0-lock.auth0-lock .auth0-lock-overlay { background: ' + | ||
colors.page_background + | ||
' }'; | ||
var style = document.createElement('style'); | ||
|
||
style.appendChild(document.createTextNode(css)); | ||
|
||
document.body.appendChild(style); | ||
} | ||
|
||
lock.show(); | ||
</script> | ||
</body> | ||
</html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
function (user, context, callback) { | ||
const namespace = 'https://app.hackjunction.com/'; | ||
const assignedRoles = (context.authorization || {}).roles || []; | ||
|
||
context.idToken[namespace + 'country'] = context.request.geoip.country_name; | ||
context.idToken[namespace + 'city'] = context.request.geoip.city_name; | ||
context.idToken[namespace + 'latitude'] = context.request.geoip.latitude; | ||
context.idToken[namespace + 'longitude'] = context.request.geoip.longitude; | ||
context.idToken[namespace + 'roles'] = user.roles; | ||
context.idToken[namespace + 'permissions'] = user.permissions; | ||
context.idToken[namespace + 'email'] = user.email; | ||
context.idToken[namespace + 'email_verified'] = user.email_verified; | ||
|
||
if (user.user_metadata) { | ||
context.idToken[namespace + 'recruiter_events'] = user.user_metadata.recruiterEvents || []; | ||
context.idToken[namespace + 'recruiter_organisation'] = user.user_metadata.recruiterOrganisation; | ||
} | ||
|
||
|
||
callback(null, user, context); | ||
} |
Oops, something went wrong.